End-to-End Encrypted Group Messaging with Insider Security

Our society has become heavily dependent on electronic communication, and preserving the integrity of this communication has never been more important. Cryptography is a tool that can help to protect the security and privacy of these communications. Secure messaging protocols like OTR and Signal typically employ end-to-end encryption technology to mitigate some of the most egregious adversarial attacks, such as mass surveillance. However, the secure messaging protocols deployed today suffer from two major omissions: they do not natively support group conversations with three or more participants, and they do not fully defend against participants that behave maliciously. Secure messaging tools typically implement group conversations by establishing pairwise instances of a two-party secure messaging protocol, which limits their scalability and makes them vulnerable to insider attacks by malicious members of the group. Insiders can often perform attacks such as rendering the group permanently unusable, causing the state of the group to diverge for the other participants, or covertly remaining in the group after appearing to leave. It is increasingly important to prevent these insider attacks as group conversations become larger, because there are more potentially malicious participants. This dissertation introduces several new protocols that can be used to build modern communication tools with strong security and privacy properties, including resistance to insider attacks. Firstly, the dissertation addresses a weakness in current two-party secure messaging tools: malicious participants can leak portions of a conversation alongside cryptographic proof of authorship, undermining confidentiality. The dissertation introduces two new authenticated key exchange protocols, DAKEZ and XZDH, with deniability properties that can prevent this type of attack when integrated into a secure messaging protocol. DAKEZ provides strong deniability in interactive settings such as instant messaging, while XZDH provides deniability for non-interactive settings such as mobile messaging. These protocols are accompanied by composable security proofs. Secondly, the dissertation introduces Safehouse, a new protocol that can be used to implement secure group messaging tools for a wide range of applications. Safehouse solves the difficult cryptographic problems at the core of secure group messaging protocol design: it securely establishes and manages a shared encryption key for the group and ephemeral signing keys for the participants. These keys can be used to build chat rooms, team communication servers, video conferencing tools, and more. Safehouse enables a server to detect and reject protocol deviations, while still providing end-to-end encryption. This allows an honest server to completely prevent insider attacks launched by malicious participants. A malicious server can still perform a denial-of-service attack that renders the group unavailable or "forks" the group into subgroups that can never communicate again, but other attacks are prevented, even if the server colludes with a malicious participant. In particular, an adversary controlling the server and one or more participants cannot cause honest participants' group states to diverge (even in subtle ways) without also permanently preventing them from communicating, nor can the adversary arrange to covertly remain in the group after all of the malicious participants under its control are removed from the group. Safehouse supports non-interactive communication, dynamic group membership, mass membership changes, an invitation system, and secure property storage, while offering a variety of configurable security properties including forward secrecy, post-compromise security, long-term identity authentication, strong deniability, and anonymity preservation. The dissertation includes a complete proof-of-concept implementation of Safehouse and a sample application with a graphical client. Two sub-protocols of independent interest are also introduced: a new cryptographic primitive that can encrypt multiple private keys to several sets of recipients in a publicly verifiable and repeatable manner, and a round-efficient interactive group key exchange protocol that can instantiate multiple shared key pairs with a configurable knowledge relationship

Data Hiding and Its Applications

Data hiding techniques have been widely used to provide copyright protection, data integrity, covert communication, non-repudiation, and authentication, among other applications. In the context of the increased dissemination and distribution of multimedia content over the internet, data hiding methods, such as digital watermarking and steganography, are becoming increasingly relevant in providing multimedia security. The goal of this book is to focus on the improvement of data hiding algorithms and their different applications (both traditional and emerging), bringing together researchers and practitioners from different research fields, including data hiding, signal processing, cryptography, and information theory, among others

Physical Unclonability Framework for the Internet of Things

Ph. D. ThesisThe rise of the Internet of Things (IoT) creates a tendency to construct unified architectures with a great number of edge nodes and inherent security risks due to centralisation. At the same time, security and privacy defenders advocate for decentralised solutions which divide the control and the responsibility among the entirety of the network nodes. However, spreading secrets among several parties also expands the attack surface. This conflict is in part due to the difficulty in differentiating between instances of the same hardware, which leads to treating physically distinct devices as identical. Harnessing the uniqueness of each connected device and injecting it into security protocols can provide solutions to several common issues of the IoT. Secrets can be generated directly from this uniqueness without the need to manually embed them into devices, reducing both the risk of exposure and the cost of managing great numbers of devices. Uniqueness can then lead to the primitive of unclonability. Unclonability refers to ensuring the difficulty of producing an exact duplicate of an entity via observing and measuring the entity’s features and behaviour. Unclonability has been realised on a physical level via the use of Physical Unclonable Functions (PUFs). PUFs are constructions that extract the inherent unclonable features of objects and compound them into a usable form, often that of binary data. PUFs are also exceptionally useful in IoT applications since they are low-cost, easy to integrate into existing designs, and have the potential to replace expensive cryptographic operations. Thus, a great number of solutions have been developed to integrate PUFs in various security scenarios. However, methods to expand unclonability into a complete security framework have not been thoroughly studied. In this work, the foundations are set for the development of such a framework through the formulation of an unclonability stack, in the paradigm of the OSI reference model. The stack comprises layers propagating the primitive from the unclonable PUF ICs, to devices, network links and eventually unclonable systems. Those layers are introduced, and work towards the design of protocols and methods for several of the layers is presented. A collection of protocols based on one or more unclonable tokens or authority devices is proposed, to enable the secure introduction of network nodes into groups or neighbourhoods. The role of the authority devices is that of a consolidated, observable root of ownership, whose physical state can be verified. After their introduction, nodes are able to identify and interact with their peers, exchange keys and form relationships, without the need of continued interaction with the authority device. Building on this introduction scheme, methods for establishing and maintaining unclonable links between pairs of nodes are introduced. These pairwise links are essential for the construction of relationships among multiple network nodes, in a variety of topologies. Those topologies and the resulting relationships are formulated and discussed. While the framework does not depend on specific PUF hardware, SRAM PUFs are chosen as a case study since they are commonly used and based on components that are already present in the majority of IoT devices. In the context of SRAM PUFs and with a view to the proposed framework, practical issues affecting the adoption of PUFs in security protocols are discussed. Methods of improving the capabilities of SRAM PUFs are also proposed, based on experimental data.School of Engineering Newcastle Universit

Performance analysis for wireless G (IEEE 802.11G) and wireless N (IEEE 802.11N) in outdoor environment

This paper described an analysis the different capabilities and limitation of both IEEE technologies that has been utilized for data transmission directed to mobile device. In this work, we have compared an IEEE 802.11/g/n outdoor environment to know what technology is better. The comparison consider on coverage area (mobility), throughput and measuring the interferences. The work presented here is to help the researchers to select the best technology depending of their deploying case, and investigate the best variant for outdoor. The tool used is Iperf software which is to measure the data transmission performance of IEEE 802.11n and IEEE 802.11g

Performance Analysis For Wireless G (IEEE 802.11 G) And Wireless N (IEEE 802.11 N) In Outdoor Environment

This paper described an analysis the different capabilities and limitation of both IEEE technologies that has been utilized for data transmission directed to mobile device. In this work, we have compared an IEEE 802.11/g/n outdoor environment to know what technology is better. the comparison consider on coverage area (mobility), through put and measuring the interferences. The work presented here is to help the researchers to select the best technology depending of their deploying case, and investigate the best variant for outdoor. The tool used is Iperf software which is to measure the data transmission performance of IEEE 802.11n and IEEE 802.11g

It Goes Beyond Product - Business Innovativeness and Consumer's New Values Adoption

The concept of consumer behavior in today’s trend of competitiveness has been enriched by the study on consumer’s adaptation to new values. More specifically in this new era of digital technology business has been able to creatively promote values in which consumer’s loyalty is systematically developed. Business sells beyond product. Hierarchical regression and One-way Anova were employed to show the dynamic process of new values adoption. The respondents were Generation Z in Palembang – Indonesia. Within this scheme the process of new values adoption is conditioned by the innovative capacity of the business ie. innovativeness that attracts the market to learn newness. Consequently, consumer has become more advanced in his involvement to adapt with the innovativeness of the business. This conceptual research intends to rationalize the dynamic of consumer’s new values adoption within the frame of business innovativeness

Nature in Megacities: São Paulo/Brazil - A Case Study

Die vorliegende Studie analysiert Umweltdienstleistungen von städtischer Vegetation innerhalb der Stadtgrenzen einer Megacity durch maßstabsübergreifende Modellierung und versucht ihren Nutzen näherungsweise zu quantifizieren. Aus verschiedenen Blickwinkeln werden die Vorteile (sowie die Herausforderungen) von in Städte eingebetteter Natur für die Bevölkerung aufgezeigt. Aus geographischer Sicht wird, hier am Fallbeispiel der Stadt São Paulo/ Brasilien, das Profil der Megastädte in den niedrigen (tropischen) Breiten betrachtet. Im allgemeinen wird die städtische Vegetation dort von Bevölkerung, Regierungen und ökonomischen Strukturen vernachlässigt. Sie ist zwar spärlich vorhanden, wird aber kaum bewusst wahrgenommen.Während der kurzen Geschichte rasanter Verstädterung, die von massiver Umweltzerstörung begleitet ist, wird Stadtgrün im Disput um den Raum in Städten wie São Paulo zum wahren Luxus. Nicht als Rückentwicklung, sondern als Fortschritt, wird gezeigt, daß ein Ideal durch die Verflechtung zwischen Natur und Stadt dargestellt würde. Die näherungsweise Quantifizierung der Variationen zwischen aktuellem Szenario und begrünten Szenarien zeigt die Notwendigkeit das städtische Biom als ein vom Menschen dominiertes Ökosystem neu zu überdenken. Die Nutzen von städtischer Vegetation sind facettenreich. Diese Arbeit detailliert Vegetation als Katalysator des klimatischen und ökologischen Gleichgewichtes. Des weiteren behandlt sie aktuelle Themen wie Klimawandel, Energieeffizienz und thermische Behaglichkeit, sowie die Reinigung der natürlichen Ressourcen Boden, Wasser und Luft. Insbesondere da derzeit keine effizienten technischen Lösungen existieren, um die Umweltleistungen der Vegetation zu ersetzten. Diese Nutzen tragen zur Lebensqualität und in kontrastreichen Megastädten insbesondere zu sozio-ökologischer Gerechtigkeit bei. Die Vegetation hat in Städten zwei wichtige Dimensionen. Die funktionale Seite bringt konkrete, meßbare Umweltnutzen. Aus symbolischer Sicht repräsentiert Vegetation Natur in Städten, sowie ursprüngliche Naturverbundenheit des Menschen. Zusammenfassend verteidigt die Studie die Wichtigkeit und Wertschätzung von Natur und die vereinigten Anstrengung für wirklich grüne Städte, u.a. weil diese Arbeit zeigt, dass finanzielle Investitionen in städtische Vegetation sich direkt auf die Kosten für das Gesundheitssystem und die Infrastruktur auswirken. Die Stadtregierung São Paulo investierte 2008 umgerechnet 122 Millionen Euro (einhundertzweiundzwanzig Millionen Euro) in Stadtgrün (und Umwelt), dass jährlich mindestens 665 Millionen Euro (Sechshunderfünfundsechzig Millionen Euro) einspart. D.h. mit anderen Worten, dass jeder Euro 1 der in Pflanzung und Pflege von Stadtgrün investiert wird, der Gesellschaft, und damit letzendlich den Einwohnern São Paulos, Ausgaben von mindestens 5 Euro für Gesundheit, den Bau von Regenwasserrückhaltebecken, Energie etc. einspart.The present study analysis the environmental benefits of urban vegetation within the municipal boundary of a megacity through multi scale integrated modelling to estimate its benefits approximately. The advantages (and challenges) that Nature, inserted into cities, offers to the population are observed from different viewpoints. As geographical reference the profile of megacities located in low (tropical) latitudes was observed, in a case study on the city of São Paulo/ Brazil. Commonly, urban vegetation is overlooked by local people, governments and economical structures. Although sparse vegetation exists, it is hardly recognized. Along the brief history of rapid urbanization which is accompanied by massive environmental degradation, urban green becomes, in the dispute for space, a true luxury in cities like São Paulo. Not as retrogression but as advance, it demonstrates that the integration between nature and city would be desirable. The approximated quantification of the variations which occur between actual scenario and greened scenarios shows the need to rethink the urban biome as a man-dominated ecosystem. The benefits of the urban vegetation are diverse. This work details plants as agents of climatic and ecosystem balance and performance. It also approaches current issues like climate change, energy efficiency and thermal comfort, as well as the purification of natural resources, through the treatment of water, soil and air. Especially because at present no efficient technical solutions exist, that could substitute the environmental services of the vegetation. These benefits contribute to quality of life and increase socio-environmental equity especially important in high-contrast megacities. The vegetation assumes two important roles in cities. The functional dimension brings concrete and measurable benefits to the environment. From a symbolic vision, vegetation represents Nature in cities, approximating humans to their origins. Conclusively the study defends the importance of the valorization of Nature and of the united efforts for literally green cities because it proves that financial investment in urban vegetation has direct effects on the costs destined to the areas of health and infrastructure. The City of São Paulo, invested in 2008 about US$180 million (one hundred and eighty million dollars) in urban green (and environment) which tends to save US$ 980 million (nine hundred and eighty million dollars) of expenses annually. In other words, for each US$1 invested in planting and maintenance of urban green, the society saves at least US$ 5 of expenses in health, construction of French drains, energy etc

Leading Towards Voice and Innovation: The Role of Psychological Contract

Background: Empirical evidence generally suggests that psychological contract breach (PCB) leads to negative outcomes. However, some literature argues that, occasionally, PCB leads to positive outcomes. Aim: To empirically determine when these positive outcomes occur, focusing on the role of psychological contract (PC) and leadership style (LS), and outcomes such as employ voice (EV) and innovative work behaviour (IWB). Method: A cross-sectional survey design was adopted, using reputable questionnaires on PC, PCB, EV, IWB, and leadership styles. Correlation analyses were used to test direct links within the model, while regression analyses were used to test for the moderation effects. Results: Data with acceptable psychometric properties were collected from 11 organisations (N=620). The results revealed that PCB does not lead to substantial changes in IWB. PCB correlated positively with prohibitive EV, but did not influence promotive EV, which was a significant driver of IWB. Leadership styles were weak predictors of EV and IWB, and LS only partially moderated the PCB-EV relationship. Conclusion: PCB did not lead to positive outcomes. Neither did LS influencing the relationships between PCB and EV or IWB. Further, LS only partially influenced the relationships between variables, and not in a manner which positively influence IWB